CVE CyberSecurity Database News

CVE-2023-35993 - Deep Dive into a Use-After-Free Kernel Vulnerability in Apple Systems (with Exploit Details & Fixes)

Poster -

Apple systems are known for robust security, but sometimes dangerous vulnerabilities slip through. One major example is CVE-2023-35993. If you use Macs, iPhones, iPads, Apple TV, or Apple Watch, this write-up is for you.

Below, I’ll explain this security flaw in simple terms: what went wrong, how attackers could abuse it, how Apple fixed it, example code to illustrate the bug, and where you can read more.

Severity: High, as kernel code execution can completely compromise the device

A "use-after-free" issue happens when a program frees (deletes) a chunk of memory but still tries to use it later. If attackers can control what’s now in that memory, they might run their own code with system-level rights.


## What Devices/Systems Are Vulnerable?

macOS Big Sur before 11.7.9

- iOS/iPadOS 15 before 15.7.8
- iOS/iPadOS 16 before 16.6

Exploit Scenario (Explained Simply)

Suppose a malicious app can interact with a buggy kernel interface. If the app triggers the use-after-free bug at the right time, it can inject code into the freed memory zone. Next time the system "uses" this zone, it runs the attacker’s code *as kernel*, potentially giving the attacker complete control.

Let’s imagine a simplified pseudo-code mimic of the bug

// Pseudo-code for Use-After-Free

typedef struct {
    // ... object fields
    void (*callback)(void *);
} obj_t;

void delete_obj(obj_t *obj) {
    free(obj);
}

void handle_req(obj_t *obj) {
    delete_obj(obj);              // object is now freed

    // OOPS: Using the object after free!
    obj->callback(obj);           // <-- UAF: attacker controls obj now!
}

What’s the risk?
If an attacker manages to control the memory that was just freed (now possibly allocated for something new under their control), they can set callback to point to malicious code. Now, with kernel permissions, that's game over for device security.

How Was It Fixed?

Apple solved this by improving memory management. The patched code ensures that once an object is freed, there are no dangling pointers left—nothing can mistakenly use it after its lifetime. In programming terms, they made sure not to access anything after it’s released.

Apple’s official security advisory confirms

> "A use after free issue was addressed with improved memory management."  
> Credit to security researcher Justin Wan for reporting.

Can attackers really use this?

Yes! In many cases, use-after-free bugs in the kernel let attackers escape the sandbox, steal private data, or plant persistent malware. An actual exploit would require a deep understanding of kernel internals and reliable exploitation primitives—but this is *exactly* the kind of bug nation-state attackers go after.

A malicious app from the App Store probably couldn’t exploit this directly, but with extra vulnerabilities combined, this could form a devastating "chain” exploit.

What might an exploit look like? (In Pseudocode)

// Attacker triggers use-after-free and re-uses memory

allocate_kernel_obj();
free_kernel_obj();                          // Step 1: free it

spray_memory_with_malicious_structs();      // Step 2: fill freed slot

trigger_kernel_to_call_freed_pointer();     // Step 3: gain code execution!

In practice, attackers might use *IOKit* code or custom kernel interfaces. See the links at the end for detailed technical write-ups.

How to Protect Yourself

Update as soon as possible!

Mac: System Preferences > Software Update

- iOS/iPadOS: Settings > General > Software Update

You can see the official list of patched releases here

- HT213839 for iOS/iPadOS 15.7.8, macOS Monterey 12.6.8
- HT213840 for iOS/iPadOS 16.6, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5
- HT213841 for macOS Big Sur 11.7.9

Here are the best references

- Apple’s official advisory for CVE-2023-35993
- CVE Report: CVE-2023-35993
- The Exploit Database: UAF Vulnerabilities

Summary

- CVE-2023-35993 is a serious kernel bug affecting many Apple devices and could be used to hack your device at the deepest level.

Apple responded quickly with updates—install them now.

- Use-after-free issues are dangerous: they let attackers run their own code in your system’s brain (the kernel), risking everything from privacy leaks to complete takeover.

Stay safe, keep your Apple gear updated, and keep watch for future security news!

*(This post is an exclusive deep dive into CVE-2023-35993, written in plain English for easy understanding.)*

Timeline

Published on: 07/27/2023 01:15:32 UTC
Last modified on: 08/03/2023 17:01:05 UTC